scanning

Reachability makes AI threat modeling worth the trust

2026-06-16 at 09:00 By Mirko Zorz

In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks […]

Rustinel: Open-source endpoint detection for Windows and Linux

2026-05-11 at 08:51 By Mirko Zorz

Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a

Betterleaks: Open-source secrets scanner

2026-03-19 at 09:02 By Anamarija Pogorelec

Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and

Pompelmi: Open-source secure file upload scanning for Node.js

2026-02-02 at 09:10 By Sinisa Markovic

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy checks directly into Node.js applications before files reach storage or business logic.

CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities

2026-01-28 at 09:10 By Sinisa Markovic

CERT UEFI Parser, a new open-source security analysis tool from the CERT Coordination Center, has been released to help researchers and defenders examine the structure of Unified Extensible Firmware Interface (UEFI) software and identify classes of vulnerabilities that

Brakeman: Open-source vulnerability scanner for Ruby on Rails applications

2026-01-26 at 08:00 By Anamarija Pogorelec

Brakeman is an open-source security scanner used by teams that build applications with Ruby on Rails. The tool focuses on application code and configuration, giving developers and security teams a way to identify common classes of web application risk during

Bandit: Open-source tool designed to find security issues in Python code

2026-01-21 at 08:04 By Sinisa Markovic

Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the

QR codes are getting colorful, fancy, and dangerous

2026-01-15 at 08:04 By Sinisa Markovic

QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with caution, but QR codes still carry an assumption of safety. Researchers from Deakin

Firmware scanning time, cost, and where teams run EMBA

2026-01-14 at 13:25 By Mirko Zorz

Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a single image consumed a workday of compute time. That routine sets the

sqlmap: Open-source SQL injection and database takeover tool

2025-11-10 at 11:28 By Sinisa Markovic

Finding and exploiting SQL injection vulnerabilities is one of the oldest and most common steps in web application testing. sqlmap streamlines this process. It is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and

How neighbors could spy on smart homes

2025-10-30 at 13:34 By Mirko Zorz

Even with strong wireless encryption, privacy in connected homes may be thinner than expected. A new study from Leipzig University shows that someone in an adjacent apartment could learn personal details about a household without breaking any encryption. By monitoring the wireless

Proximity: Open-source MCP security scanner

2025-10-29 at 08:29 By Mirko Zorz

Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also works with NOVA, a rule

What Chat Control means for your privacy

2025-10-14 at 08:00 By Mirko Zorz

The EU’s proposed Chat Control (CSAM Regulation) aims to combat child sexual abuse material by requiring digital platforms to detect, report, and remove illegal content, including grooming behaviors. Cybersecurity experts warn that such measures could undermine encryption, create new attack surfaces, and

Nosey Parker: Open-source tool finds sensitive information in textual data and Git history

2025-09-24 at 08:10 By Anamarija Pogorelec

Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused on spotting things like passwords, API keys, and other

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal

2025-09-09 at 10:22 By Mirko Zorz

Nearly 500 scientists and researchers have signed an open letter warning that the latest version of the EU’s Chat Control Proposal would weaken digital security while failing to deliver meaningful protection for children. The signatories represent 34 countries

Artemis: Open-source modular vulnerability scanner

2025-07-30 at 09:00 By Mirko Zorz

Artemis is an open-source modular vulnerability scanner that checks different aspects of a website’s security and translates the results into easy-to-understand messages that can be shared with the organizations being scanned. “The most important feature of the tool is report generation. Besides scanning, it

91% noise: A look at what’s wrong with traditional SAST tools

2025-06-19 at 07:32 By Mirko Zorz

Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

2025-06-11 at 09:01 By Mirko Zorz

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It

Vuls: Open-source agentless vulnerability scanner

2025-05-05 at 07:33 By Help Net Security

Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure. Many administrators choose not to use automatic software updates because they want to avoid

Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals

2025-04-01 at 18:49 By Ionut Arghire

GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances. The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View
